Thingiverse – the biggest platform with free 3D printing models has been hacked. Have I Been Pwned? reports that there has been a hack and theft of a 36 GB backup file containing 228,000 unique e-mail addresses and other information enabling the identification of people who have an account on the platform. The data is circulating on the popular hacking forum.

Data includes e-mail addresses, passwords, usernames, IP addresses, and in some cases, physical addresses of computers. Thingiverse’s owner, MakerBot (owned by Stratasys), knows about the incident, but has yet to issue an official data leak statement.

The leak was discovered by Troy Hunt – creator of Have I Been Pwned? After analyzing the feed from the hacking forum, Hunt reported that the backup file was publicly dumped exactly one year ago, on October 13, 2020, and has been exposed ever since. He also adds that the leaked data appears to be a MySQL database that contains over 255 million lines of data. “The earliest dates in the dataset appear to be about ten years ago, but I haven’t analyzed them thoroughly enough,” says Hunt.

Hunt says the vast majority of email addresses appear to be in the form of webdev + [username] @ The following is an example of a complete record retrieved from the data table:

1[XXXXX]1,'[username]','webdev+[username]','$2y$10$X26cQ2uz5Uh1EyfIabIpguXHcS7G3uJ1AC8MnvxQ7dlFewy8wUWQq',NULL,NULL,'',0,'','2018-02-19 06:07:43','2018-02-19 05:51:17',0,'cc-sa',1,1,1,1,1,1,1,NULL,0,0,0,0,'',0,'AR','Maker/Consumer','','1099',0,'199[X]-0[X]-25 00:00:00',NULL,0,NULL

The good news is that there is no trace of clear text passwords in the published dataset. Nevertheless, it is worth thinking about changing the password – and above all checking if the ones used on Thingiverse are not the same ones you use on other, slightly more important platforms…? Unfortunately, my e-mail address was on the leaked list – luckily, the password I used on Thingiverse was insignificant (“junk”). Anyway, I have already changed it, which I also urge you to do.


Paweł Ślusarczyk
CEO of 3D Printing Center. Has over 15 years' experience in buisiness, gained in IT, advertising and polygraphy. Part of 3D printing industry since 2013.

Comments are closed.

You may also like